NSA chief declines comment on spyware reports, says programs lawful

Warren Strobel

3 Min Read

WASHINGTON (Reuters) - The head of the National Security Agency refused to comment on Monday on reports that the U.S. government implants spyware on computer hard drives for surveillance purposes, saying “we fully comply with the law.”

National Security Agency (NSA) Director Michael Rogers testifies before a House (Select) Intelligence Committee hearing on "Cybersecurity Threats: The Way Forward" on Capitol Hill in Washington November 20, 2014. REUTERS/Joshua Roberts

U.S. Navy Admiral Michael Rogers was responding to reports that the NSA had embedded spyware in computers on a vast scale and that along with its British counterpart, had hacked into the world’s biggest manufacturer of cellphone SIM cards.

“Clearly I’m not going to get into the specifics of allegations. But the point I would make is, we fully comply with the law,” Rogers said at a Washington forum sponsored by the New America think-tank.

The Moscow-based security software maker Kaspersky Lab said last week that spies had figured out how to embed spy software deep within hard drives by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on a majority of the world’s computers. Former NSA operatives told Reuters the agency was behind the campaign.

Another report, based on documents provided by former NSA contractor Edward Snowden and published by the Intercept site, said the U.S. agency and its British counterpart hacked into Gemalto, which produces SIM cards. That would potentially allow intelligence agencies to monitor the calls, texts and emails of billions of people, the report said.

Rogers, whose agency has come under intense scrutiny since 2013 when Snowden exposed details of its widespread surveillance programs, said: “I am not going to chase every allegation out there. I don’t have time.”

Even as he declined comment on the reports of aggressive NSA operations, Rogers argued that U.S. intelligence, along with law enforcement agencies, needs the legal means to break strong encryption increasingly built into operating systems such as those of Apple or Google.

“Most of the debate that I’ve seen has been, ‘It’s all or nothing. It’s either total encryption or no encryption at all,’” Rogers said.

If a specific phone is being used to commit a crime or threaten national security, “can’t there be a legal framework for how we access that?” he asked.

(This version of the story corrects paragraph 4 to spies had figured out how to embed spy software)